New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
msg/async, v2: authenticated onwire encryption and new preamble format #26466
Conversation
e1c137b
to
ba672bc
Compare
src/msg/async/crypto_onwire.cc
Outdated
if(1 != EVP_EncryptUpdate(ectx.get(), | ||
reinterpret_cast<unsigned char*>(filler.c_str()), | ||
&update_len, | ||
reinterpret_cast<const unsigned char*>(plaintext.c_str()), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we may eventually want to avoid c_str() on plaintext to allow a gatherlist? as a todo item?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Definitely TODO.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
ba672bc
to
6eaad70
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The changes to ProtocolV2.{cc,hh} look good. Just left some minor comments.
src/msg/async/ProtocolV2.cc
Outdated
memcpy(payload, out.c_str(), out.length()); | ||
length = out.length(); | ||
} | ||
void ProtocolV2::authencrypt_payload(bufferlist &payload) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can remove this function, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TODO.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed.
src/msg/async/ProtocolV2.cc
Outdated
ldout(cct, 21) << __func__ << " length=" << length << " total_len=" << total_l | ||
<< " sig_pad_len=" << sig_pad_l << " enc_pad_len=" << enc_pad_l | ||
<< dendl; | ||
void ProtocolV2::authdecrypt_payload(char *payload, uint32_t &length) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here (remove it?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed as well.
src/msg/async/ProtocolV2.cc
Outdated
|
||
using segment_t = ProtocolV2::segment_t; | ||
|
||
// V2 preamble is consisted with one or many preable blocks depending |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: fixing some typos:
// V2 preamble consists of one or more preamble blocks depending
// on the number of segments a particular frame needs. Each block holds
// up to 2 segments and has its own CRC.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated.
src/msg/async/ProtocolV2.cc
Outdated
|
||
std::array<ProtocolV2::segment_t, MAX_NUM_SEGMENTS> segments; | ||
|
||
uint8_t num_extra_preamble_blocks() const { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This method is not used anywhere. Should we remove it, or will it be used when implementing the support for reading multiple preamble blocks?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, it was for preamble chaining. We still have possibility to start doing that in the future but, at the moment, it's unnecessary as preamble became 32 bytes long. To be dropped.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Dropped.
// | ||
// It's undefined what will happen if client doesn't follow the order. | ||
// | ||
// TODO: switch to always_aligned_t |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TODO: block size alignment. GCM can live (and lives) without it as it's a stream cipher but ultimately we don't want to be restricted to stream ciphers only.
//a/sage-2019-02-17_17:29:20-rados-wip-sage-testing-2019-02-17-0921-distro-basic-smithi/3604419 |
ba672bc
to
d6a43a5
Compare
@liewegas: it looks |
0a1d7a0
to
ae2ceaf
Compare
c6e5411
to
187db73
Compare
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
This is possible because the dropped state is/was required only by: * CephxSessionHandler, * methods removed by the previous commits. Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Sage Weil <sage@redhat.com>
Signed-off-by: Sage Weil <sage@redhat.com>
Signed-off-by: Sage Weil <sage@redhat.com>
Signed-off-by: Sage Weil <sage@redhat.com>
Signed-off-by: Sage Weil <sage@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
…update(). Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
This change is driven by buggy buffer's life time management polluting AuthAuthorizer::bl with dangling raw_static instances. Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
3f6a881
to
774bd9d
Compare
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
* refs/pull/26466/head: msg/async, v2: fix wrong base for KeepAliveFrameAck. msg/async, v2: frame decoding operates on bufferlist. msg/async, v2: drop ceph_msg_header2 fields duplicating segment info. msg/async, v2: drop the scaffolding in preamble parsing. msg/async, v2: handle msg authentication failures. msg/async, v2: drop depedency on uint128_t. Clean up onwire crypto. msg/async, v2: fix cur_msg_size in ::reset_recv_state(). msg/async, v2: drop magic numbers for segments. msg/async, v2: get rid of magic number in SignedEncryptedFrame. msg/async, v2: get rid of the magic number for default alignment. msg/async, v2: decouple onwire segment length from logical length. msg/async, v2: follow the const bl& concept in authenticated_encrypt_update(). msg/async, v2: drop handling of extra segments in ::fill_preamble(). msg/async, v2: get rid of magic numbers for alignment. msg/async, v2: drop reserve() from onwire crypto's TxHandler. msg/async: add con_mode to debug lines msg/DispatchQueue: include con_mode in <== line common/ceph_strings: get_con_mode_name() msg/Connection: add get_con_mode() msg/async/ProtocolV2: clean up preamble comments msg/async, v2: improve debug around sending client indent. msg/async, v2: bring back the no-encryption ability. msg/async, v2: workaround con_mode handling. msg/async, v2: drop the throttles bypass. msg/async, v2: READ_MESSAGE_FRONT -> THROTTLE_DONE. msg/async: WaitFrame of V2 can be crypto processed now. msg/async: initial multi-segment support for V2. msg/async: V2 bypasses throttles just for development. msg/async: rectify reseting security state in ProtocolV2::reset_recv_state(). msg/async: switch to CRC32 for V2 preamble blocks. msg/async: bump up preamble block size to 32 bytes. msg/async: get rid of the distiction on main and extra V2 preamble. msg/async: add debug around empty ClientIdent::addrs. msg/async: V2 uses segments instead of next_payload_len, part 1. msg/async: perform V2 frame dispatch in dedicated method. msg/async: implement crc checking for main preamble of V2. msg/async: receive V2 messages with new preable format. msg/async: transmit V2 messages with new preable format. msg/async: reset crypto processors in ProtocolV2::reset_recv_state(). msg/async: preamble of V2 Frames is now encrypted and authenticated. msg/async: slightly rework ProtocolV2 preamble crafting. msg/async: reset the rx stream handler in ::handle_read_frame_length_and_tag. auth, msg/async, v2: drop AuthStreamHandler and AES128GCM_StreamHandler. msg/async: Messages in Protocol2 are crypto-processed only once. msg/async: SignedEncryptedFrame uses ceph::crypto::onwire. msg/async: expose message segmentation to ::write_message(). auth: implement ceph::crypto::onwire with OpenSSL EVP. auth: introduce ceph::crypto::onwire interfaces. msg/async: decouple MessageHeaderFrame from SignedEncryptedFrame. msg/async: move Protocol* asserts in SignedEncryptedFrame to compile time. msg/async: simplify encryption handling in the PayloadFrame class. auth: drop AES128CBC_HMACSHA256_StreamHandler. msg/async: ensure consistency between con_mode and session_security. msg/async: drop MessageFrame. Use MessageHeaderFrame instead. msg/async: set con_mode and session_security at both peers. msg/async, auth: switch AuthStreamHandler::rxtx_t to std::unique_ptr. crypto: AES128GCM_StreamHandler brings authenticated encryption with AES-GCM. include: uint128_t -> ceph::uint128_t + using. msg/async: move crypto handling from ProtocolV2 into AuthStreamHandler. auth, msg: dissect AuthStreamHandler from AuthSessionHandler. auth/cephx: make _calc_signature() of CephxSessionHandler private. auth: drop {en,de}crypt_message() from AuthSessionHandler. auth: introduce DummyAuthSessionHandler. auth: make AuthSessionHandler purely abstract. auth: drop no_security() from AuthSessionHandler. auth: drop get_protocol() and get_key() from AuthSessionHandler. auth: drop sign_bufferlist() from AuthSessionHandler. msg/async: drop get_auth_meta() from Protocol. msg/async: emphasize ProtocolV2 does authenticated encryption. Reviewed-by: Sage Weil <sage@redhat.com>
No description provided.